E-discovery: 6 tips for organizations that go it alone

This article is the third installment in a series on e-discovery issues and areas that offer inside counsel the greatest opportunities to reduce risks and save costs. Read parts one and two.

As business organizations become more sophisticated about the costs and mechanics of e-discovery, many decide to forgo the expense of outside counsel and undertake the collection and production process alone. Of course, not every legal department has the horsepower to handle this type of work and, even if they do, many complex cases are best left to outside lawyers who do this work regularly. But for businesses that understand the process and decide to go it alone, here are some good tips:

Know your record retention policy. Many large organizations have such complex record retention policies that most employees (even those in the legal department) only understand what relates to them, and few know the entire overview. Be sure you understand the big picture at the outset.

Issue strong litigation holds. Unfortunately it is easy for people to not fully digest litigation hold memoranda, and even when they do, they can forget about them quickly. So remind those key players frequently of their obligations, and keep meticulous track of who has responded and who has ignored you.

Be careful with employee self-collection.The strong temptation is to ask the key players simply to self-collect and send you their email and other responsive data. In some cases this can be fine, but the larger the organization’s exposure—and the more the key players themselves may have something to hide—the less this is a good idea. Even well-meaning employees may just not have the time or inclination to do as thorough a job as they should, and the employee who has something to hide may well try to do so.

Thus, the best practice usually is to have someone from IT collect the data under the supervision of a lawyer. Arrange this with sensitivity, however, to minimize the angst of employees who may incorrectly assume that they are the target of an internal investigation when people appear at their door to collect data.

Educate the IT department. By now many companies have established some form of dotted-line reporting between legal and IT such that the IT department understands what to do in the event of a litigation hold. This does not mean, however, that IT departments will have a litigator’s understanding of the broad scope of discovery or any other aspects of the process.

So, when relying on internal IT staff to assist in a collection, be sure to be clear, specific and thorough. Sending an email to do a search of “all electronic documents” often will lead to unwelcome surprises. Staff may interpret this as a request to just search email or a shared server. When handling the collection in-house, you must specifically tell the IT department what to look for (e.g. Word documents, Excel spreadsheets, PowerPoints, email, video, phone and/or database records), and where to look (e.g. department shared servers, employee laptops or C-drives, custom databases, legacy systems, server logs and/or Internet logs). Create a checklist so the IT staff can make sure to search every corner.

Just as importantly, be sure to prevent any spoliation (or inadvertent destruction) of the metadata. All too frequently, well-meaning inside IT professionals will simply copy requested data into a special file or drive without taking appropriate precautions. Even the simple act of dragging and dropping a document can change (and thus destroy) important metadata like the directory structure or last-access date. This is another reason to not simply have key players send in their data. Often the best DIY collection system involves copying data over to an external hard drive using a program like Robocopy that won’t change anything. When the collection has been finalized, make a working copy of that drive for use in the review, and keep the original pristine in a sealed envelope with a memo sufficient to guarantee and verify a proper chain of custody.

Chose a good service provider and check it carefully . Unless you will be producing a small volume of data in native format, even the most sophisticated business usually will need an e-discovery service provider to process the data into a form that can be used with the most common litigation databases (e.g. Summation and Concordance) for production. If that is all the vendor will be doing, it can usually be done for a reasonable price. Unless you have a service provider that you’re already comfortable with, be sure to get two or more estimates.

There is tremendous price completion in the field, and if you are clear on what you need, these businesses often will be willing to negotiate. But, and this is important, never assume that even the best e-discovery vendor is infallible. You absolutely must check every disc that gets forwarded to an opposing party. Horror stories of inadvertently copied privileged files abound. So never rely on the vendor to forward any production discs to anyone but you, and then be sure to review the disc yourself before sending it to the other side.

Encode anything that leaves your office. Never transmit by mail, the Internet or even courier any data that is not encoded. There are a number of free encoding products on the market, so it is fast and easy to do. Losing a hard drive of sensitive information in the mail, however, can be an insurance event.

In the appropriate case and with adequate resources, organizations can save real money by handling some or most of the e-discovery process in-house. But if in doubt, the best bet may be to farm it out.